Maybe you could study how the difficult-to-break copy protection (the one that Maya and other high-end graphics packages use) schemes work? The protection for Maya took months to break.

Warren Henning
Sunday, July 6, 2003

Warren,
rumour has it Maya 5.0 Unlimited was released by a group even before it hit shelves. Perhaps it took those mentioned months until it was available on publicly available russian web pages.

Johnny Bravo
Sunday, July 6, 2003

Yeah dudes, I've never heard of anything that took three months to crack. You've got somewhere around 8 million crackers worldwide, of whom most are immune to prosecution because of their age, country of origin, or ability to hide their tracks. Among them, there are about 250,000 that are extremely smart and persistent, as well as having tons of free time. They participate in a community in which the only way to get respect is to be the first to crack a new release. Cracking a novel scheme is worth even more. They have distributed computer clusters that far exceed anything the NSA has and crack strong encryption every day. If you contact them, they will offer to stop cracking your program if you hire them for six figure salaries, but unless you can hire all 250,000 of the core crackers, there's no point.

But you should still have copy protection since without it, the average joe user will feel very comfortable passing your software around. By having to go through crackers, there is at least the fear of trojans.

Do folks have better luck with hardware protection -- dongles and network card queries and 1-800 numbers? Or will we have to wait for Microsoft and INtel to build copy protection deep within the OS at a hardware level?

you have my sympathy
Sunday, July 6, 2003

Here's how we handle it.

We have a full time employee whose sole job is to be involved in the cracker community. He has high prestige because he has been first out the gate with several high profile cracks -- all of our own software of course. Because he is actively involved in producing high profile, high quality cracks, he has also acquired the personal contact info regarding a large number of other crackers. We maintain a mailing address for him near a foreign branch office to cover his own tracks.

This provides us with a couple of advantages: our cracked software contains a trojan that not only logs information about the users computer, but also scans their system for other cracks. This information is transmitted back to us and we share it with a few other companies that use this system. The information is stored in a database where it is made available to the FBI for use in their own investigations.

Corporate Avenger
Sunday, July 6, 2003

Most high end programs use the same license manager (FlexLM). This makes them easy targets because once you crack FlexLM, you've cracked all the programs that use it.

But copy prevention isn't much of a big deal at the high end anyway. The infringers tend to be poor students who wouldn't be able to pay $50,000 for a license even if they wanted to. The biggest reason to use something like FlexLM is to prevent corporate customers from inadvertently cheating on their licenses (e.g. adding an employee while forgetting to buy another seat license). So the copy prevention doesn't have to be bullet-proof - better to make it user-friendly and easy to comply with. (I've heard of license managers that let you run more licenses than you've paid for, only they start sending an email every few hours telling you to pay up :)

Dan Maas
Sunday, July 6, 2003

One more thing: I think watermarked binaries are a cool idea. If every binary you distribute is unique, it should be very easy to figure out who is leaking your software to crackers :)

Beta versions of Lightwave used to include the tester's name in the title bar - people who leaked the software were easily identified and dealt with... (of couse make sure you include a subtler watermark that is not as easy to hex-edit out...)

Dan Maas
Sunday, July 6, 2003

Well, same problem as the RIAA is facing, they're in the business to make money, but people are sharing, and people enjoy sharing what they spend money. It's a lost battle. But it's your decision if you want to stay in business, or retire [before the crackers will, because they will not].

In their own words: "In addition, we didn't get the revenue and profit growth we expected. Therefore, we've decided to discontinue product activation next season."

Bobb
Sunday, July 6, 2003

LOL!
More like "Holy crap did this hurt our sales. We're scurrying away as fast as we can"

Pretty silly to try to lock a $50 piece of software that people only need one copy of, anyway.

Philo

Philo
Sunday, July 6, 2003

I find it funny that people worry about trojans in cracks.

The cracking groups are generally higher profile and something I'd be more likely to trust than a random shareware developer.

And the horse you rode in on
Sunday, July 6, 2003

"our cracked software contains a trojan that not only logs information about the users computer, but also scans their system for other cracks."

If I knew that your software did this I would never buy it if you didn't notify all your customers of your dishonest, immoral policy.

Warren Henning
Sunday, July 6, 2003

Warren -
a) I think he's trolling
b) Assuming he's not, I read that they distribute the cracks for their own software and the *crack* installs the trojan. But I could be wrong.

Philo

Philo
Sunday, July 6, 2003

Is this illegal? Should send it to the FBI if so.

Homo Ironicus
Sunday, July 6, 2003

No, it's not illegal. The cracked software is acquired illegally and so anything it does is not our responsibility. Of course it doesn't do anything harmful, it's no more nefarious than spyware -- it monitors the user and reports back. But instead of monitoring the user's web surfing or music habits, it monitors their illegal activity and reports on it. None of this is in the version that is sold through legitimate channels.

There have been some recent changes in the law though that allow content producers to legally hack into the computers of people who are engaging in illegal distribution, but we don't have any interest in that. There's also lobbying in the industry about changing laws to explicitly allow destructive worms to take over the computers of infringers and destroy things, but I personally think that is foolish, although there will likely be some companies that implement these policies.

Corporate Avenger
Sunday, July 6, 2003

Well, if someone knows how to get a trail version creacked, he can detect if there's a trojan (either by anti-virus or firewall).

Which means, that people will not trust you/your software.

As said before, those crackers are more trust worthy than shareware developers, even if you can hire a full time hacker.

Bobb
Monday, July 7, 2003

"those crackers are more trust worthy than shareware developers"

Other little-known facts:

* thieves are more honest than volunteer firemen
* rapists are more compassionite and gentle than psychotherapists
* politicians are more honest than librarians

trivia maven
Monday, July 7, 2003

> As said before, those crackers are more trust worthy than shareware developers, even if you can hire a full time hacker.

Sure, Bobb with two 'b's.'

Monday, July 7, 2003

Actually the legality of pre-emptive measures in this isn't at all clear, nor is the use of destructive measures , since allowing the escape of some destructive process or material is a basic tort (Rylands and Fletcher).

Maintaining usage information as well, regardless of why, and recording it without the express authority of the owner of that machine is certainly a breach of Data Protection Laws withing the EU. Whether someone that uses a cracked version is likely to complain is another matter.

Simon Lucy
Monday, July 7, 2003

Some more advanced copy-prevention schemes are so complex they bring a significant performance hit (e.g. due to run-time code verification). I remember at least one case in which the cracked version of a certain program was reported to perform much faster than the licensed version. So in effect the crackers were delivering a superior product.

The founders of Autodesk made public some fascinating internal documents about their implementation, abandonment, re-implementation, and re-abandonment of hardware-based copy prevention (among other things). These make good reading:

One of the dumb decisions that DRI made over Multiuser DOS was to supply dongles with european copies but US copies didn't have a dongle.

Guess what happened.

Simon Lucy
Monday, July 7, 2003

Incidentally, for those who feel that Microsoft is a "convicted monopoly" [sic], copy protection on Windows is (IMHO) an example of abusing monopoly power. Intuit just joined the ranks of companies that have ditched copy protection schemes because they hurt sales. MS may never do so because, as a monopoly, they feel no threat.

But it's interesting to note that since they've implemented software activation, they've also mounted an increased offensive against Linux - most likely because between software activation (meaning you now have to pay for Windows for every computer) and a massive increase in the cost of open licensing, Linux suddenly became incredibly attractive on the desktop.

Of course, the real gotcha is that it would be near impossible to mount a legal challenge that software activation was an antitrust violation because it keeps us from violating copyright like we've all been doing for years. [grin]

Philo

Philo
Monday, July 7, 2003

Waht are dongles?

smurf975
Monday, July 7, 2003

A hardware device that swap your "A" and "H" keys around :)

Damian
Monday, July 7, 2003

Dongles are generally not much more difficult to crack than software protections. Simplified, it's a question of finding the "Check if right dongle is inserted" code and noping that out.

Don't use hardware connected protection schemes either, unless you like to annoy your legal customers and providing support is a hobby. Network Mac addresses are terribly unreliable, just like HD partition IDs.

Ask yourself if you really want to be fighting crackers, while your competition is adding cool new features.

From that article: "It Will NEVER be Pirate Proof". While it holds true for now, with the advent of Nexus/Palladium software comapnies will be able to create applications which then run in a secure environment which is protected by the CPU itself, i.e. in hardware. No SoftICE etc. will enable a "determined person" to break into that area and e.g. find out how serial numbers are validated.

While Nexus will not be the end of your privacy, it might certainly put an end to cracking software.

Johnny Bravo
Monday, July 7, 2003

For at *least* fifteen minutes.

Philo

Philo
Monday, July 7, 2003

While Nexus will not be the end of your privacy, it might certainly put an end to cracking software.

Johnny Bravo, you cannot possibly be that ignorant. Cracking will never stop. Each time a new anti-piracy technology is produced, it is cracked. Even with CPU protection, it is certainly conceivable that at least one of the thousands of crackers out there would figure out a way to bypass it.

I suppose we will not know until that time comes.

J S
Monday, July 7, 2003

Technology is not enough. We need a combination of tech making it "hard enough" to weed out the crowd and legal enforcement that acts as a deterrant.

Would you also argue that 100$ bills do not need fancy copy protection tech, because "the funy money guys will find a way to duplicate it anyway"?
When was the last time you tried to present a fake 100$?

Just me (Sir to you)
Monday, July 7, 2003

The reason that the hardware security will work is that the only way to bypass it is though messing with your hardware. Sure, a number of people will do it. But most people will not go that far.

When you can just copy software, everyone will do so.
When it requires a crack, a large percent will do so.
When it requires a hardware mod, only a minority will do so.

Marc
Monday, July 7, 2003

J S,

there's already a number of papers out there describing the inner workings of e.g. the TPM module. Sure, theoretically, the TCPA system can be cracked, but so can PGP.

To get a glance of what might come in the future, take a look at the "XBOX Hack" project. Any attempt to find a backdoor or even scan the hardware to find a software-only hack was futile. Just some days ago, however, an exploit for a bug in XBOX' dashboard software was published. So the weakest link was not the hardware, but the software. You can bet Intel will put some efforts in its software validation process to let the platform not be compromised by weak software systems built around TCPA.

One might argue then that (1) Intel had processor bugs in the past, so why should TCPA/TMP have none?, or (2) there'll be mod chips for Intel's TMPs. But as was pointed out before: the average user certainly will not have access to such "countermeasure" technology.

Johnny Bravo
Monday, July 7, 2003

Pretty much the only way that they could make TCPA secure would be to do random house-checks. Well, that, or require any secure applications to run on a server machine that users don't have access to.

No, really. They've already mathematically proven that, without hardware support for any TCPA-like tools, any software can be cracked. And they've done some astonishing hardware cracks as well doing interesting side-band techniques. Like bombarding the circuit board with microwaves or gamma rays to create memory flaws that can be abused. Or monitoring how much power a smart card uses while encrypting to lower the amount of probabilities you need to brute force. Once a piece of hardware is not under the physical control of the creator and the creator's confederates, just about anything can happen.

It is cost-prohibitive to tamper-resistant every single currently for-sale circut board and tends to create heat dissipation problems for hot components like 7200+ rpm drives, graphics cards, processors, etc. That, I'm really starting to believe that many of the supposed tamper-resistant techniques for encasing a circuit board are about as secure as your average bank vault.

The biggest problem is that, if TCPA or something similar got widespread acceptance, the inventives grow. Imagine the respect that one m4d cr4ck3r out of the pool of 250,000 eligible d00dz would get for throwing open the doors of a laboriously-constructed standardized security framework.

Flamebait Sr.
Monday, July 7, 2003

Cracking always breaks down to.

If (legal) then
execute code
else
Error...

That is just one cmp statement.

Even if "legality" involves dongles or scary encryption, you still have that cmp that puts you on the right path or not.

It is easy to find the particular cmp in 24 hours, esp. if your software is popular. It will likely be near the beginning of execution, and with the advanced debuggers and de-compilers, it is very straightforward. Not that I have done it before.

The solution that my company ran into by accident was releasing a new version of the product every week for about 4 weeks. The cmp kept moving around, and eventually there were a dozen or so cracks, but nobody could figure out which crack went with what version. If they applied the wrong patch, the ended up zeroing out something important, and the path failed. It seemed that the hackers have given up, I haven’t seen a crack for months.

--
ee

eclectic_echidna
Monday, July 7, 2003

Now that is *very* clever. Don't try to defeat them with technology, just piss them off with the sheer drudgery of the process. It strikes right at the heart of the cracker mentality! "Jeez, you mean I have to do it again? Why bother, it doesn't prove a thing"

Bruce Schneier would be proud of that idea, and if it's OK with you I'm going to remember it and use it when I have need...

Too beautiful :-)

Matt
Monday, July 7, 2003

> Cracking always breaks down to.

I don't think that's true in theory or in more apps

The shareware package that I have been working on (writing it, not cracking it!) doesn't

Imagine for example, simplified

1. Get data from user's password
2. Use that data in numerous places in the operation of the application

To reverse or patch it, they must understand what data is supposed to be for the application to function correctly which if could be extremely tough or tedious.

To generate a password, they must be able to reverse the data into a password. You could design the application so password to data is relatively easy, but data to password is prohibitive

S. Tanna
Monday, July 7, 2003

I'd go with ee. Checking data 20 times in different parts of the app is still just checking password, it just takes a day or two to find all of the places, instead of 10 minutes.

Flamebait Sr.
Monday, July 7, 2003

Do any of the anti-piracy schemes defeat the following technique?

1. Pay for a license.
2. Find bitwise differences in system before license and after license.
3. Append lincensed product (and all appropriate post-license differences) to the end of your haxor welcome scheme.
4. Distribute.

David Blume
Monday, July 7, 2003

"Other little-known facts:

* thieves are more honest than volunteer firemen
* rapists are more compassionite and gentle than psychotherapists
* politicians are more honest than librarians "

Spoken like someone who truly has no idea what the hell they're talking about.

Cracking groups dont crack software because they want the software in question, they do it for prestige.

If you put out a dodgy release, bang, you've blown any name you had in that community to shit.

That's what I meant when I said that cracking groups are usually bigger names than your average shareware developer, and hence I'd be more inclined to trust a crack had no viruses or trojans than the original product.

It's simply not worth it for a large cracking group to release trojans. Maybe some malicious kid working on his own, but heck, when basically every crack you'll ever find is done by one of the big name cracking groups, it would have to be pretty rare.

In any case, given the amount of shareware that is infested with spyware or worse these days, I fail to see how you can paint them as the good guys in all this.

And the horse you rode in on
Monday, July 7, 2003

I do agree that most crackers are there for the prestige. Which is exactly why eclectic_echidna's recommendation is such a good one. It gets to the cracker's soft spot: prestige.

Imagine the uber-cracker bringing out a crack for your greatware 2.1. Now replace that download the next day with a slightly changed version (without changing the version number of course). Now all his friends will tell him his crack doesn't work. Chances are he will put his effort in some other software from a company that doesn't cheat by playing such dirty tricks on him.

Jan Derk
Monday, July 7, 2003

Bigger challenge... More prestige???

Homo Ironicus
Monday, July 7, 2003

Greatware 2.1 would have to be a trivial application. Great applications must be stable. MS Office could issue a service pack each month, but their customers wouldn't stand for it. Also the File size and date stamp would have to be the same if you were to fool anyone.

I work for a bank and before software goes out to 10,000 banking computers it has to be tested. If another version is introduced the next day, then that version will have to be tested as well. Eventually the developer will have to stand behind a version that is considered stable and will be in place for a long enough time to warrant distribution. That is the version that will be cracked.

eclectic_echidna may be correct about the ease of cracking with a surgical hack, but most cracks that I have seen use key generators in combination with the original EXE, not hacked .EXEs (supporting S Tanna's post). My experience with this is limited, however, and maybe hacked .EXEs are more common than I have seen.

Sorry BB

RW
Monday, July 7, 2003

One thing about dongles, there are at least 3 kinds

1. Simple hard-coded ones. You detect if the dongle is present in your app. I assume a cracker would try to take out the checks

2. Memory ones. You have memory in the dongle you can program (for your dongles only) and access. If you just checked the memory, that would be similar to 1, (although you could program dongles with different data for different feature sets). However I guess you could do something more complex

3. Algorithmic ones. Where the dongle runs an algorithm (which may be customizable). You might be able to make the algorithm essential to the correct functioning of the application - which means a cracker would have to write new code to simulate the algorithm

I have looked into dongles several times. In past, three other problems apart from pain for users (and cost for developer to have inventory, develop code, and ship them): (1) parallel port dongles might interfere with special operations of printer (probably rare, but i think i once ran across one case like this), (2) windows nt v 9x - some dongles require different implementation/integration on these 2 platforms, (3) now you have usb vs parallel dongles too - at best you double your inventory - at worst you ship some users the wrong kind of dongle.

on the plus side to dongles - i think users do understand them - they make intuitive sense - i think much more so than some other ideas for copy protection

S. Tanna
Monday, July 7, 2003

oh yeh, i forgot, (4) some dongles are slow to read/access. this could be an issue if you want to pepper your code with checks

S. Tanna
Monday, July 7, 2003

S Tanna - don't forget that there's a possibility your users may actually run software other than yours, so your dongle can't interfere with other dongles (which you have no access to)

As far as "users will understand" - no, not really. We hate them. With a passion. And the first competitor with a comparable product and no dongle is going to unseat you VERY quickly. Look at Quicken - a market leader, yet as soon as they implemented product activation their customers fled in droves, and that's not even a hardware dongle.

Philo

Philo
Tuesday, July 8, 2003

By "understand", I mean comprehend

I mean comprehend how the scheme works, namely plug in dongle = use program. There is a simple analogy - plugging your TV into the electrical socket to use it.

whereas in my experience fewer users (except user's adminsand sometimes not even them) comprehend things like concurrent floating users on a network, or software locked to hardware-id, etc. There is no familiar simple analogy that I'm aware of for these, to help users comprehend.

"understand" in the other sense, namely saying "Yeh I'm okay with it", is of course not necessarily true, and in any case an entirely different issue

As for chaining dongles. I guess the problem could arise. I never ran across it. Problems with parallel dongles and the printer - I did run across it - but very very very rate.

S. Tanna
Tuesday, July 8, 2003

I think althought the dotbomb confirmed otherwise, web services are among the best ideas to come in favor of anti-piracy efforts.

If you can design a software that practically depends on complex business logic or procedures located on proprietary servers (using web services or something obscure), you are guaranteed that the cracking effort of a cracker must meet the time spent to program at least those part of the software.

The downside is you have to find someone to provide those web services 24/7/365 with enough availability and scalability to make your customers happy. Only way that will happen is if you have tons of cash to burn or your customers are willing to run the servers for you in a manner that gives them the availability they need but meets the requirements for always doing license key challenges. If you let the users run the servers for you you have to police the server community.

Li-fan Chen
Tuesday, July 8, 2003

The idea is simple: If the computer can execute the code then it can be cracked. It's like music with copy protection, if you can hear it you can copy it.

Some programs will never have a crack just because the crackers respect it. Try to find any crack to igloo ftp (win32 version). You will not find.

Z
Tuesday, July 8, 2003

Z, have you tried Google?

SomeBody
Tuesday, July 8, 2003

Yes.

Z
Tuesday, July 8, 2003

We used to use dongles to protect our applications and gave them up for a software only solution.

I don't think we ever lost sales to a cracked version, even though you could buy the >$10k suite for $2 on a crack CD.

Some of our more devious customers in the early days used to build a special "octopus" serial cable that would connect one dongle to a bunch of different computers...

Crack for Igloo ftp 3.2 can be found on astalavista. Probably no problem finding/getting a fix for the latest version as well.

hawk
Friday, July 11, 2003

IF THESE BIG COMPANIES LIKE MICROSOFT AND ADOBE AND ALL THE REST OF THE TITLES THAT ARE SOUGHT AFTER SO HIGHLY DIDNT CHARGE SO DAMN MUCH PEOPLE WOULDNT HAVE STARTED CRACKING AND HACKING IN THE FIRST PLACE !!! JUST BECAUSE YOU HAVE A GOOD PROGRAM THAT WORKS BETTER THAN MOST IT DOESNT MEAN YOU CAN TRY TO CHARGE OUTRAGEOUS FUKIN PRICES FOR IT !!! WE CANT AFFORD THAT !!!

BOB SMITH
Saturday, October 18, 2003

ALSO ... IF COMPANIES ARE GONNA START ADDING BACKDOOR VIRUSES AND SHIT INTO THEIR SOFTWARE NUMBER ONE: NO ONE WILL TRUST THEM !!! THEY WILL BE BLACK BALLED OVER THE INTERNET !! AND SECONDLY I'M NOT FULLY SURE BUT WHEN BILL CLINTON PASSED THAT INTERNET PRIVACY AND SECURITY ACT I'M GUESSING THAT WILL VIOLATE EVERYONES RIGHTS !!! WHICH TO ME WOULD SEEM TO CANCELL OUT ANY LAWSUITS THAT THESE COMPANIES WOULD TRY TO BRING ON THE PUBLIC !!
AFTER ALL DONT FORGET THE CRACKERS STARTED MAKING THE CRACKS ALL THE PUBLIC DID WAS AQQUIRE THEM !!!
SO ANYWAY IT GOES LIKE THIS..... STOP MAKING EVERY PIECE OF SOFTWARE SO DAMN EXPENSIVE AND SPREAD THE CHEER AROUND AND JUST MAYBE SALES WILL INCREASE ENOUGH SO THAT THE FEW PEOPLE WHO DO AQQUIRE ILLEGAL SOFTWARE WONT EVEN SEEM LIKE A DROP IN THE BUCKET COMPARED TO THE SALES STATS !!!!!

BOB SMITH
Saturday, October 18, 2003

I think, in general, that most cracking is simply about
finance and curiosity...
If a person is very curious about something...
But fundamently incapable of purchasing it...
Then they will find a crack...

For instance, I literaly had to go without meals
on a regular basis, just to afford a cheap (bargain basement computer)...

But, my interests range from neural networking to
The Virtual Reality Modeling Language...
As well as EEG research (brain waves and neural interfaces)

Crackers perform a service. period.

ElectronShaman
Friday, February 13, 2004

If people want to learn to use software but can't afford to buy it they will apply themselves to cracking it. Then they will use it to learn, then they will make money out of it. Then they may become successful and will have a proper business which will have to pay for it because they might get a fine if they don't. The guy who is at the learning stage isnt going to get caught and if he does he wont get fined much because he isn't using it commercially and therefore doesn't have any $. So the developers get paid ultimately by the funds received from legit business and people who have little money/skill get to learn to use it for free. Sounds pretty fair and meritocratic to me. Radiums cracks for the earlier versions of cubase and the fraunhoffer mp3 codec actually contained loads of bug-fixes and were better than the legit versions. I think the current situation is ideal. See y'all later - peace

the FBI is chasing me using trojans........ gotta get back to the bunker
Friday, February 20, 2004

I find in one of theses sitez a new version of easy card:
card_easy3.zip and geologkit.zip and a other software (i will
say its name)with cracking of pincode and
sha 3 DES of RSA .the AUTHENTIFICATION VALUE WITH THIS WAR(soft)
CAN BE UP THE 128 bit (maximum 4096 bits hexadecimal number)
you can choose it.
the redondance also(max 5120 bits decimal numbers ).
hash fonction exist in this software as sat warez.
This software look like a few "Gezerolee" of s.humpich and l.pele
but this version in english and
japanese (for Japanese Merchant buyers carders , hackers in France)

A ONE EXEMPLE TO explication:
calculators calculate
99999999999999999999999999999999
+11111111111111111111111111111111
=1.11111E+32 OR 3.11111...e+32 it that you find

but with new calculator and good processor of your computer
as penthium3 (minmum 1200Mz) :
99999999999999999999999999999999
+11111111111111111111111111111111
=100000000000000000000000000000000 (up,max 32 caracteres!!(33))

it that tou must find!!!!
french calculator or french win computer softawres calculators
(os calculators) aren't for the moment athaurising to use a so long
mot decimal number excess 32 caracteres for result and more 64
caracteres for hexadecimal numbers result or keys (french law).

Find it you one.yOU WILL FIND IT .
i no say more ABOUT its use because ille...!! good luck of your
shearch!! happy the yes card

rerere rqszss
Friday, April 2, 2004

Funny, I found this thread by looking for some "joel on software"'s stuff.

I actually have a comment about softwares, copy protections and crackers.

Here is my two cents: what most people who create copy protection don't understand are the motivation and the intelligence of the crackers. There are in two categories. The first category is the crackers who want to crack the software to get it for free. Their motivations are evil, and they ofthen tends to go directly to their objective. These crackers will often manage to crack simple protection patterns, but will most obviously fail on a little bit more advanced ones. This category doesn't interest me at all.

The second category are the people who think of cracking as a good chess play. The most advanced the protection is, the most pleased they are. This cartegory is quite restricted, but they often manage to crack very advanced protection schemes. Sometime, they don't even publish their cracks, keeping it for themselves, but msot of the time, they are so proud of their work that they can't refrain themselves from giving the crack to some friends, who'll appropriate it and start spreading it.

So, now, what's the best way to create a copy protection ? If you write a very advanced protection, with several layers, cryptographic, etc, it will most likely interest the second category, usually informed by the difficulty by the first category. So, you shouldn't write copy protections which are too elaborated. Now, if your copy protection is really simple, it will be broken by the first category.

My advice: find the middle of all of that. Create something which seems to be stupid enough to not let the second category interested by it, but strong enough inside to discourage the first category. So, code in Visual Basic. And do messy code. So people will laugh of your code. With dumby parts, like XOR crypto. But, you have to find a way to keep inside that shell of dumbetia a perl of hard, strong and efficient protection code. That's a bit the way of the Tao.